PT-2026-22616 · Chamilo · Chamilo

Published

2026-03-02

·

Updated

2026-03-07

·

CVE-2025-52469

CVSS v3.1

7.1

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Chamilo versions prior to 1.11.30
Description: Chamilo is a learning management system. A logic issue in the friend request workflow of Chamilo's social network module allows any authenticated user to add any user as a friend by directly calling the AJAX endpoint that manages friend requests. The call bypasses the normal send-request / accept-request process, and the attacker can even add non-existent users, so the endpoint is evidently not validating the target user or the state of the request before creating the friendship. This breaks access control and the social interaction logic, and potentially impacts the privacy of users who are added as friends without their consent.
Recommendations: Update to version 1.11.30 or later.
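To make the class of flaw concrete, the following added example (illustrative code written for this entry, not Chamilo's own code) models a friend-request workflow with an in-memory store. The vulnerable handler creates the friendship straight from the id the caller supplies, which is the behaviour described above: no request needs to exist, the target can be anyone, and the target does not even have to be a real account. The hardened handler only completes a request that the *other* party sent to the caller, and only for a real, distinct user. The table layout, the function names and the sample users alice, bob and carol are assumptions made for this demonstration.

```python
"""Model of a friend-request workflow: a handler with the logic flaw
described above next to a hardened one.

Illustrative example, not Chamilo's code. Table layout, function names
and the sample users are assumptions made for this demonstration.
"""
from dataclasses import dataclass, field

PENDING, ACCEPTED = "pending", "accepted"


@dataclass
class SocialDB:
    # Constructed sample data standing in for the application's user table.
    users: set = field(default_factory=lambda: {"alice", "bob", "carol"})
    # (sender, receiver) -> request status
    requests: dict = field(default_factory=dict)
    # Unordered pairs of users who are friends.
    friends: set = field(default_factory=set)

    def are_friends(self, a, b):
        return frozenset((a, b)) in self.friends


def send_request(db, sender, receiver):
    """Step 1 of the intended workflow: sender asks receiver for friendship."""
    if sender == receiver or sender not in db.users or receiver not in db.users:
        return False
    if db.are_friends(sender, receiver) or (sender, receiver) in db.requests:
        return False
    db.requests[(sender, receiver)] = PENDING
    return True


def add_friend_vulnerable(db, actor, friend_id):
    """Vulnerable pattern: the AJAX handler trusts the id the caller sends.

    It never checks that friend_id exists, that friend_id is not the actor,
    or that friend_id ever sent actor a request, so any authenticated user
    can befriend anyone, including accounts that do not exist.
    """
    db.friends.add(frozenset((actor, friend_id)))
    return True


def accept_request_hardened(db, actor, friend_id):
    """Hardened handler: a friendship is created only by the *receiver* of a
    pending request, and only for a real user other than the caller."""
    if friend_id not in db.users or friend_id == actor:
        return False                                  # unknown target or self
    status = db.requests.get((friend_id, actor))      # note the direction
    if status != PENDING:
        return False                                  # nothing was sent *to* actor
    db.requests[(friend_id, actor)] = ACCEPTED
    db.friends.add(frozenset((actor, friend_id)))
    return True


def demo():
    """Runs both handlers from the same starting state; returns the outcomes."""
    v = SocialDB()
    results = {
        "vuln_no_request": add_friend_vulnerable(v, "alice", "bob"),
        "vuln_ghost_user": add_friend_vulnerable(v, "alice", "ghost"),
        "vuln_ghost_is_friend": v.are_friends("alice", "ghost"),
    }
    h = SocialDB()
    results["hard_no_request"] = accept_request_hardened(h, "alice", "bob")
    results["hard_ghost_user"] = accept_request_hardened(h, "alice", "ghost")
    send_request(h, "alice", "carol")
    # alice cannot "accept" a request that she herself sent
    results["hard_wrong_direction"] = accept_request_hardened(h, "alice", "carol")
    send_request(h, "bob", "alice")
    results["hard_real_request"] = accept_request_hardened(h, "alice", "bob")
    results["hard_bob_is_friend"] = h.are_friends("alice", "bob")
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The check that matters is the direction of the lookup in `accept_request_hardened`: the handler looks for a pending request *from* the supplied id *to* the authenticated caller, never the reverse, and it rejects ids that do not resolve to a user. When auditing a similar endpoint, confirm that both the existence check and the pending-state check are enforced server-side and keyed on the session's user, not on a parameter the client controls.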

Exploit

Fix


Weakness Enumeration

Related identifiers

CVE-2025-52469
GHSA-M5XJ-5XF3-RQCH

Affected products

Chamilo